Security Weekly Podcast Network (Audio)

Over the last decade, cybersecurity heavily invested in EDR, XDR, SIEM, telemetry, and SOC-driven operations. We stopped asking how to stop attacks and started asking how fast we could detect them. However, Mythos and frontier models have changed that paradigm. How do you detect a -7 day vulnerability? Detection and response cannot keep, so what's the answer?
Rob Allen, Chief Product Officer at ThreatLocker, joins Business Security Weekly to discuss why cybersecurity is shifting from detection and response to prevention and enforcement. As attackers accelerate through automation and AI, organizations are revisiting prevention-focused controls. Rob will discuss why organizations need to adopt application allowlisting, Zero Trust, Ringfencing, and policy enforcement to reduce attacker freedom before execution occurs. Prevention-first security is the only way to decrease the AI attack surface.
This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them!
In the leadership and communications segment, What CISOs need to land a board role, The Security Mistakes Being Repeated With AI, When Senior Leaders Lack People Skills, Transformations Fail, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-448

My Mother the Car, AI Slop, Nginx, Polyscope, Drupal, GitHub, Aaran Leyland, and More on the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-582

This year has been a dichotomy of established secure design fundamentals and burgeoning chaos of LLM-driven vuln discovery. Keith Hoodlet returns to share his latest observations on what the recent news about Mythos, models, and harnesses means for appsec. He walks through the problems of misalignment, the potential development doom that looms behind a volume of vulns, and what modern code creation looks like. Along the way we touch on the economics of tokens and the principles behind secure software.
Keith gave a preview of his upcoming presentation (May 22nd) on these topics. Check out https://securing.dev/about/ for the slides and more of his writing on appsec.
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-383

Interview with Dimitri Sirota from BigID
Most organizations think AI risk lives in the model – or the identity. It doesn’t. It lives in the data. In this episode, BigID’s CEO reframes the conversation: why legacy access controls are breaking down, why visibility into sensitive data is the missing foundation, and what it takes to govern humans and machines under a single, accountable framework.
Segment Resources:
BigID's Agent Access Management Guide
BigID's podcast, CTRL + ALT + AI
This Week's Topic: Cascading Breaches
We’re seeing more and more 3rd and 4th party attacks that chain through multiple layers of compromised tools and services. In this topic segment, we discuss the two main aspects of this trend:
How we can stop the chain of breaches from a third party library, vendor, or service provider
How this might get handled at the legal, contractual, and organizational levels
We discuss two big recent examples:
Sonicwall's 2025 breach of their cloud firewall configuration backup service
The compromise of Aqua Security's widely used Trivy open source tool
The Weekly Enterprise News
Finally, in the enterprise security news,
Funding and M&A courtesy of the Security, Funded newsletter
We have evidence that attackers are leveraging AI now (this sounds like old news, but there was little to no evidence before, when people were claiming this)
The Angry admin problem emerges again
Vulnerability information is getting crazy to keep up with
Breach information is getting crazy to keep up with
You can give your Agents an allowance now - don’t spend it all in one place
Are vulnerabilities sparse or dense?
Mythos, as a model, isn’t all that special
Deploy your own deception sensors!
Japan made something weird. Again.
All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-459

Cisco Catalyst, Canvas, Exchange 0-Days, BitLocker Bypass, Mini Shai Hulud, Node IPC, Patch Tuesday, GPT-5.5, Supply Chain Attacks, and More on the Security Weekly News
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-581